Security Audit Reports

Hospitals are faced daily with the responsibility of protecting patient information and maintaining compliance with HIPAA (the Health Insurance Portability and Accountability Act). The HITECH Act (Health Information Technology for Economic and Clinical Health) of 2009 makes data security even more critical with strict new rules governing protected health information and penalties when patient data are accessed without authorization.

For MEDITECH customers using the Data Repository, Acmeware has developed a suite of reports that provide detailed and timely information about user access to patient data. Using the DR as the source for security and access audits has several advantages over using the MEDITECH Standard Reports. While audit trail data are purged from the MEDITECH HCIS according to your site’s parameters (typically every 30-60 days), the data are never purged from DR. This provides a deeper history and extends your reporting abilities to the date of your DR’s initial population.

The base level of user activity within the DR tracks when a user accesses their MT menu, what device it was accessed from, and what patient accounts were accessed. The details however are stored within the DR in hundreds of tables across a number of applications. Our report targets a select list of tables to show the transaction details from the Admissions (ADM), Billing/Accounts Receivable (BAR) and Abstracting (ABS) modules. We display edits made by the user with both the old and new values, along with various other fields (depending upon the application) to best represent how a patient record was accessed.

The amount of detail and history available in the DR is a step above the typical security audits that can be performed using Standard Reports or by using just the User Statistics tables from the DR. Our DR-based reports can be customized to include the specific data that your facility wants or needs to monitor. Once all of the required data are identified and available for reports, the next challenge is formatting and presenting a large amount of data quickly and easily. Acmeware leverages your existing SQL Server platform and Business Intelligence tools to make the reports available to users you need using Microsoft’s SQL Server Reporting Services (SSRS). This allows easy Intranet-based delivery of these reports to the right people. For more information on this or any other custom report needs.